upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 08:44:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Merge pull request #37724 from nextcloud/fix/encryption-signature-check-logic

Browse source 
Cleanup signature checking logic in encryption
This commit is contained in:
Christoph Wurst 2023-04-17 17:39:34 +02:00 committed by GitHub
commit b952066140
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
apps/encryption/lib/Crypto/Crypt.php
View file

@ -523,10 +523,12 @@ class Crypt {
$signature = $this->createSignature($data, $passPhrase);
$isCorrectHash = hash_equals($expectedSignature, $signature);
if (!$isCorrectHash && $enforceSignature) {
throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
} elseif (!$isCorrectHash && !$enforceSignature) {
$this->logger->info("Signature check skipped", ['app' => 'encryption']);
if (!$isCorrectHash) {
if ($enforceSignature) {
throw new GenericEncryptionException('Bad Signature', $this->l->t('Bad Signature'));
} else {
$this->logger->info("Signature check skipped", ['app' => 'encryption']);
}
}
}